AntiSpamNews - News To Save Your Inboxhttp://www.antispamnews.com
News To Save Your InboxFri, 13 Feb 2015 14:16:15 +0000en-UShourly1Paypal Payment Reversal Email: Scam?http://www.antispamnews.com/2015/02/13/paypal-payment-reversal-email-scam/
http://www.antispamnews.com/2015/02/13/paypal-payment-reversal-email-scam/#commentsFri, 13 Feb 2015 14:16:15 +0000http://www.antispamnews.com/?p=438I just got an email from PayPal saying that there’s a payment reversal on my account and that I need to log in to explain what happened. But I haven’t bought or sold anything through PayPal in months. Is this legit or some phishing or other scam?

It’s a scam. If it’s like what I received the other day, it’s also an extraordinarily well constructed scam, down to a perfect clone of the PayPal home page and a domain that’s really close to the paypal.com domain. This isn’t some kid putting the scam together in his basement either, it’s very well done.

But you wouldn’t have to worry about it if you follow my basic rule of thumb: Never click on a link in an email message.

This is most important on sites that require you to log in, of course, so a link to the Google home page — or to AskDaveTaylor.com — isn’t anywhere near as questionable. But a link to your bank, PayPal, eBay, Amazon or anything like that is problematic and should be avoided at all times.

Got it? Don’t click.

Meanwhile, let’s step through this phishing scam and see what they’re doing.

To start, here’s the email I received. Probably looks just like what you got:

There are two things wrong here. First, there’s no SSL secure site indicator from the browser (in this case, Google Chrome), but if you look really closely at the URL you can hopefully spot the problem:

See it? It’s subtle. On first glance, in fact, I saw “www.payipal.com” and said “Ha!” wrong domain. But look even closer and that’s wrong too, the domain is actually payipal-com-web-apps.cf and the .cf domain? That’s a new one for me too, turns out it’s the Central African Republic, of all places. Definitely not where PayPal is located!

Whether you enjoy putting on your deerstalker and playing detective or just want to avoidproblems, it’s always best to stick to my rule: don’t click on links in email.

]]>http://www.antispamnews.com/2015/02/13/paypal-payment-reversal-email-scam/feed/0Google’s CAPTCHA reCAPTCHA is Flawed, Won’t Stop Spam Botshttp://www.antispamnews.com/2014/12/31/googles-captcha-recaptcha-flawed-wont-stop-spam-bots/
http://www.antispamnews.com/2014/12/31/googles-captcha-recaptcha-flawed-wont-stop-spam-bots/#commentsWed, 31 Dec 2014 17:13:15 +0000http://www.antispamnews.com/?p=436Google recently released a new tool for website owners called CAPTCHA reCAPTCHA. Google claims that if a site owner uses their CAPTCHA reCAPTCHA tool, it will be able to distinguish between a human and a bot:

Protect your website from spam and abuse while letting real people pass through with ease…

Google claims that they “went back to the lab” and reinvented the captcha process, and this one is “more secure” according to their YouTube video (which I have embedded below):

Well, according to Egor Homakov, Google’s new CAPTCHA reCAPTCHA is seriously flawed. It turns out that “bots can use an OCR tool to solve the information or require somebody to solve the image initially, post which, the bot can retain the cookies and continue scraping!” according to ShieldSquare.

Mr. Homakov explains that Google’s new CAPTCHA reCAPTCHA is flawed. “The thing is No CAPTCHA actually introduces a new weakness!”

It’s pretty much a serious weakness of new reCAPTCHA – instead of making everyone recognize those images we can make a bunch of good “trustworthy” users generate g-recaptcha-response-s for us. Bot’s job just got easier!

It turns out that Google’s CAPTCHA reCAPTCHA can be bypassed by another technique, using the website’s public key. Mr. Homakov explains how this is done, and even wrotecode to do it on GitHub.

Now if that’s isn’t a Christmas present for the spammers…. Merry Christmas!

I’m an avid Instagram user and love seeing what everyone else is posting, but sometimes I’ll post something and someone I don’t know will leave a stupid or spammy comment on my image. Sucks. Is there a way to delete bad comments?

If you’re an avid Instagrammer then I expect you’re already following me too, but just in case, you can find me on Instagram — and I’m a big fan of the service too — as d1taylor on Instagram and see the wide range of photos I post each week.

Back to topic, however! Yes, you’re right that however much you’d like to think of your Instagram photos as being shared with just the people who follow you, the fact is that they’re generally visible to the whole world if you don’t have a closed account. Which means that sometimes deadbeats, scammers and other folk leave comments that are rude, inappropriate or you just don’t like.

Fortunately, you can delete comments on your pictures, though it’s not at all obvious how to do so.

To start, here are the notifications from a few recent photos I posted on Instagram. This is all on the iPhone app, but the Android app works quite similarly:

Notice that second entry, from gabrielleonline. I have no idea who that is, but seriously “Teenage Love Spell”? Ugh. Totally unrelated.

To delete it from the photo of the Amazon Kindle Fire HD Kids Edition box I posted, however, involves jumping through some hoops.

To start, go to the photo in question and you’ll see the comments:

At this point you might think you can delete the offending comment but you cannot.

To do so, tap on “Comment” as if you were going to leave a new comment of your own.

Now you’ll see this:

You don’t want to add a comment, however, you want to swipe your finger right-to-left on top of the offending comment.

Magically an option appears:

Well that’s interesting!

Turns out the arrow option just removes the trash icon, which is a bit weird as you’d think it did something more interesting. Maybe it’s a UI element in progress?

In any case, tap on the red button with the tiny white trashcan…

There ya go. You can report them as a spammer or for hate comments if you have something like that, or you can more benignly just tap on “Delete” to delete the comment.

]]>http://www.antispamnews.com/2014/11/14/can-remove-spammy-comment-instagram/feed/0Facebook Invests Heavily In Fight Against Spamhttp://www.antispamnews.com/2014/10/10/facebook-invests-heavily-fight-spam/
http://www.antispamnews.com/2014/10/10/facebook-invests-heavily-fight-spam/#commentsFri, 10 Oct 2014 13:27:50 +0000http://www.antispamnews.com/?p=432Facebook revealed on Friday that it has obtained nearly $2 billion in legal judgments against spammers, and talked extensively about how it won’t put up with fake likes and other spam on its network.

The company says it’s honoring Cyber Security Awareness Month by discussing how it is fighting spam, and giving tips to users for “authentic interactions”.

Facebook’s Matt Jones writes in a blog post, “Most people rarely come into contact with spam or other low quality content on Facebook, but we’re constantly working to make our service even better. It’s important to remember that fraudulent activity is bad for everyone — including Page owners, advertisers, Facebook and people on our platform. We adapt our defenses constantly to stay ahead of spammers’ techniques, and one area we’ve focused on for several years is fake likes. We have a strong incentive to aggressively go after the bad actors behind fake likes because businesses and people who use our platform want real connections and results, not fakes. Businesses won’t achieve results and could end up doing less business on Facebook if the people they’re connected to aren’t real. It’s in our best interest to make sure that interactions are authentic.”

“The spammers behind fake likes have one goal — to make money off of Page owners without delivering any value in return. They make their profit by promising and generating likes to Facebook Page administrators who typically don’t understand that fake likes won’t help them achieve their business goals,” Jones says. “Fake like peddlers tempt Page admins with offers to ‘buy 10,000 likes!’ or other similar schemes. To deliver those likes, the scammers often try to create fake accounts, or in some cases, even hack into real accounts in order to use them for sending spam and acquiring more likes. Since these fraudulent operations are financially motivated businesses, we focus our energy on making this abuse less profitable for the spammers.”

Tips for authentic interactions Facebook gives include not buying fraudulent likes, focusing on key business objectives, and being cautious to avoid infecting your computer with malware. Each of these, as well as Facebook’s general approach to “site integrity,” is discussed further in the post if you want to dive in.

]]>http://www.antispamnews.com/2014/10/10/facebook-invests-heavily-fight-spam/feed/0Bing Announces Filter For URL Keyword Stuffing Spamhttp://www.antispamnews.com/2014/09/19/bing-announces-filter-url-keyword-stuffing-spam/
http://www.antispamnews.com/2014/09/19/bing-announces-filter-url-keyword-stuffing-spam/#commentsFri, 19 Sep 2014 13:33:08 +0000http://www.antispamnews.com/?p=368Bing revealed in a blog post this week that it rolled out an update to its algorithm a few months ago that targets URL keyword stuffing. They had alluded to such an update in another recent post.

Like any other black hat technique, the goal of URL KWS, at a high level, is to manipulate search engines to give the page a higher rank than it truly deserves. The underlying idea unique to URL KWS relies on two assumptions about ranking algorithms: a) keyword matching is used and b) matching against the URL is especially valuable. While this is somewhat simplistic considering search engines employ thousands of signals to determine page ranking, these signals do indeed play a role (albeit significantly less than even a few years ago.) Having identified these perceived ‘vulnerabilities’, the spammer attempts to take advantage by creating keyword rich domains names. And since spammers’ strategy includes maximizing impressions, they tend to go after high value/ frequency/ monetizable keywords (e.g. viagra, loan, payday, outlet, free, etc…)

Rondel notes that not all URLs containing multiple keywords are spam, and that the majority actually aren’t. For this reason, Bing is using its new detection technique in combination with other signals.

“Addressing this type of spam is important because a) it is a widely used technique (i.e. significant SERP presence) and b) URLs appear to be good matches to the query, enticing users to click on them,” he says.

Bing isn’t giving out all the details about its detection algorithms to prevent abuse, but does note that it takes into account things like: site size; number of hosts; number of words in host/domain names/path; host/domain/path keyword co-occurrence; percentage of the site cluster comprised of top freqeuncy host/domain name keywords; host/domain names containing certain lexicons/pattern combinations; and site/page content quality and popularity signals.

]]>http://www.antispamnews.com/2014/09/19/bing-announces-filter-url-keyword-stuffing-spam/feed/0Google Takes Further Gmail Security Precautions with Non-Latin Character Supporthttp://www.antispamnews.com/2014/08/22/google-takes-gmail-security-precautions-non-latin-character-support/
http://www.antispamnews.com/2014/08/22/google-takes-gmail-security-precautions-non-latin-character-support/#commentsFri, 22 Aug 2014 13:12:14 +0000http://www.antispamnews.com/?p=366Last week, Google announced that it started recognizing non-Latin characters in email addresses, opening up the ability for users to send and receive emails in more languages. By doing this, however, they were potentially opening the door to more spam slipping through the cracks courtesy of bad actors using sneak character combinations.

Google isn’t letting this happen though. The company announced in a blog post that they have taken measures to prevent this type of thing. Mark Risher of the Spam & Abuse Team writes:

Scammers can exploit the fact that ဝ, ૦, and ο look nearly identical to the letter o, and by mixing and matching them, they can hoodwink unsuspecting victims. Can you imagine the risk of clicking “ShဝppingSite” vs. “ShoppingSite” or “MyBank” vs. “MyBɑnk”?

To stay one step ahead of spammers, the Unicode community has identified suspicious combinations of letters that could be misleading, and Gmail will now begin rejecting email with such combinations. We’re using an open standard—the Unicode Consortium’s “Highly Restricted” designation—which we believe strikes a healthy balance between legitimate uses of these new domains and those likely to be abused.

These changes began rolling out on Tuesday. Google says it hopes others in the industry will “follow suit”.

]]>http://www.antispamnews.com/2014/08/22/google-takes-gmail-security-precautions-non-latin-character-support/feed/0Industry Spam Rings Plague Google Local, Cause Problemshttp://www.antispamnews.com/2014/08/01/industry-spam-rings-plague-google-local-cause-problems/
http://www.antispamnews.com/2014/08/01/industry-spam-rings-plague-google-local-cause-problems/#commentsFri, 01 Aug 2014 12:46:04 +0000http://www.antispamnews.com/?p=364Google Local, now known officially as Google My Business, has to deal with what they call “industry spam rings”, which are plaguing Google’s local listings like a virus. And as a result, they’ve changed their internal policies in order to deal with these industry spam rings. Google is, in some cases, manually going to a location to confirm the NAP data and make sure that they serve customers at that location.

I recently met with an unidentified source who is very familiar with the inner workings at Google Local. He explained to me that Google is ver aware of “industry spam rings”. That’s the exact words that the Google employees have called this issue. The industries involved in the industry spam rings are:

There are a few other industries also involved, but typically those are the main industries that have been revealed to me by my source. I would imagine that some other competitive industries, such as carpet cleaning may be involved in this, as well. Essentially, these industry spam rings are involved with setting up multiple locations within a city, typically with more than one business name and phone number, which would be against Google’s guidelines. By setting up more than one location in a city, there is a better chance of a local business ranking in the local search results in Google.

To combat the industry spam rings, Google is doing several things. For example, local listings in these industries are subject to a manual location review. Google will manually go to the location to confirm that the NAP (Name, Address, Phone Number) data is correct–and that the business actually serves customers at that location. During a manual review, Google may be looking for suite numbers of other businesses that the company may own, as well.

What You Can Do
There are several things you can do that really appear to help a local website rank better in the Google search results. Here are a few that you probably have not heard about before:

– Add images of the location (photos). Make sure that the longitude and latitude of the location appears in EXIF data.
– Make sure there are branded signs in the images and photos uploaded to Google Local.
– The NAP (Name, Address, Phone) data should appear on the door of the business.

According to my source, “the automated syncers at Google knowingly make mistakes now more than ever with moving location pins and changing data in the local listings.” He claims that he has evidence that automated syncers at Google have moved location pins and changed data in the local listings, and it happens a lot.

Verification Flaw in Google Local
There is also apparently a flaw in the internal Google system that has not been fixed. Apparently Google is aware of the problem, though. Here’s the flaw:

If the local listing on Google is verified, the internal Google system has a flaw that causes the listing to have to be verified again. When Google changes “Suite” or “Unit” – etc., to “#”, the system regards that as changing the address and will require another verification. This seems to happen after logging into the local listing dashboard for Google Local (now called Google MY Business) and the gray box at the top states that Google has gotten other information about the listing and needs you to click the button.

After clicking the button again, the listing will need to be re-verified. According to my source, while talking to a Google representative, he asked that it be manually fixed it so another postcard did not have to be sent. The Google representative explained that “Industry Spam Ring” companies usually will not be allowed to phone verify, even though the option is there to do so. The message will state that phone verification “cannot be done at this time”.

Google’s internally identifying of “industry spam rings” in Google Local (Google My Business) has not been made public before from what I can tell. They certainly are aware of businesses that are spamming Google Local, and perhaps this latest Google Pigeon update has attempted to take care of some of these issues. Google manually verifies some of the listings, especially in certain industries that are in the “industry spam rings”. This can cause a problem for some businesses, however, as there could be landlord issues. Some landlords do not allow tenants to post their signs outside the business.

]]>http://www.antispamnews.com/2014/08/01/industry-spam-rings-plague-google-local-cause-problems/feed/0Matt Cutts Recommends Using Real Name, When Posting Blog Comments!http://www.antispamnews.com/2013/11/15/matt-cutts-recommends-using-real-name-when-posting-blog-comments/
http://www.antispamnews.com/2013/11/15/matt-cutts-recommends-using-real-name-when-posting-blog-comments/#commentsFri, 15 Nov 2013 13:52:59 +0000http://www.antispamnews.com/?p=361In his recent video, Matt Cutts has offered tips on how to ensure that your blog comments are not considered spam by Google.
Cutts said that most of the times, leaving links to your website or commenting is not a direct spam but it can be abused. The tips offered by Cutts to escape the situation are:

Using real name while commenting. When you leave a company name or use anchor text you want to rank for, it appears to Google that your purpose of leaving a comment is commercial marketing & this may look spammy

If Google finds out that majority of the links to your website come from blog comments, it will assume that your primary strategy is link building & might raise a red flag.

]]>http://www.antispamnews.com/2013/11/15/matt-cutts-recommends-using-real-name-when-posting-blog-comments/feed/0Geolocation is Not Spam as Long as you are Not Cloaking; Matt Cutts!http://www.antispamnews.com/2013/10/18/geolocation-is-not-spam-as-long-as-you-are-not-cloaking-matt-cutts/
http://www.antispamnews.com/2013/10/18/geolocation-is-not-spam-as-long-as-you-are-not-cloaking-matt-cutts/#commentsFri, 18 Oct 2013 12:39:06 +0000http://www.antispamnews.com/?p=357In his latest video, Matt Cutts has told that Google is absolutely fine with Geolocation as long as you are treating Googlebot the same way you will be treating other users.

The question asked to Cutts was:

“Using Geo-detection technique is against Google, I am offering the useful information (price, USP’s) to the users based on the Geo-location, will Google consider this as a Spam i.e. showing X content to SE and Y content to user”.

Matt said that Geolocation is not spam as long as you are redirecting someone from a German IP to the German version of the page or German domain.

Cutts advised webmasters not to treat search engines in a different way from a regular user. If Googlebot comes in, check the IP address, and redirect Googlebot to the US version of the page or dot com or whatever you will serve to the regular US user.

Geolocation is not spam. And even Google does the same. It sends the user to what it thinks is the most appropriate page based on different signals and usually the IP address of the user.

Showing X content to SE and Y content to users is however cloaking. Showing different content to Googlebot than to users is something you should be careful about.

You will be totally fine and in good shape as long as:

You are treating Googlebot as any other user

You don't have special code that looks for the IP address of Googlebot

You don’t have special code that looks for the user agent of Googlebot

]]>http://www.antispamnews.com/2013/10/18/geolocation-is-not-spam-as-long-as-you-are-not-cloaking-matt-cutts/feed/0Is Google Authorship just an Elaborate Spam-Detection Tool?http://www.antispamnews.com/2013/09/20/is-google-authorship-just-an-elaborate-spam-detection-tool/
http://www.antispamnews.com/2013/09/20/is-google-authorship-just-an-elaborate-spam-detection-tool/#commentsFri, 20 Sep 2013 12:30:31 +0000http://www.antispamnews.com/?p=354If you’re reading this blog then you’re probably familiar with the world of SEO and link building. You probably also like to keep up on the most recent SEO and link building news; and by keeping up on the latest SEO news I imagine that you have come across an article or two about Google+ and Google Authorship. The topic of Google Authorship has been beaten like a dead horse within the SEO community (in fact you may have rolled your eyes when you saw those two words in the title of this article) and for the most part it has been widely championed. However, a recent theory about Authorship being nothing more than an elaborate spam-detection tool has interested me greatly and I would like to examine this idea more closely.Skepticism and Hesitation Regarding Authorship

As mentioned before, many people within the SEO community have endorsed Google Authorship but it seems that there are still some who are hesitant to claim it. Some skepticism over Authorship remains as seen by articles like this that claim Authorship actually decreased traffic.

Although the claims in this article appear to be inaccurate as even Google’s own Matt Cutts came out and explained that the recent Penguin update was the reason for the drop. However, I find this mistrust of Authorship very interesting. A much more plausible reason for the skepticism surrounding Authorship is in regards to SEOs and the potential for Google to utilize Authorship as an anti-spam tool.

Possibility of Google Authorship as a Spam-Detection Tool

This is the actual idea that intrigued me and inspired me to write this article. The reason that this notion piqued my interest is that it is much more plausible. It may not be the case at all, but with the way Authorship is set up there is certainly potential for Google to use it in this manner.

The way that Authorship works is by connecting your content on the web to your G+ profile. This is done through a rel=author tag in your content and a “Contributor to” list on your G+ profile. The contributor list is where this concept of Authorship as an anti-spam tool was derived. It could be possible for Google to track which websites you are contributing to and devalue your links if they appear to be unnatural.

For instance, an author who writes on many different topics in many different niches may seem suspicious to Google. Those who are hesitant to claim Authorship believe that they will be penalized for contributing to various different blogs (for which there is yet to be any proof). Also, there is fear that if you are an employee writing on behalf of a company that your links will be diminished as well because Google can see that you work for said company (again, no proof yet).

Potential Effects on SEO

Mind you, this is very hypothetical; but if Authorship turned out to be nothing more than an elaborate spam-detection tool, it would have an effect on some SEOs. Namely, it would have an effect on black-hat SEOs. Remember, this would be a tool that fights against SPAM! The type of potential penalties that would be imposed shouldn’t affect any type of white-hat SEO practices.

As mentioned before, Google could possibly keep tabs on an author’s contributor list but as long as that author was contributing quality content, in the eyes of Google, I see no reason as to why they would be penalized. This is why it is so important to determine what constitutes quality content in the eyes of Google and as an SEO you should be producing content that falls under these criteria.

A few different factors come into play when Google is determining what is valuable and quality content. One thing that Google uses to determine quality is audience interaction such as comments, social shares, etc. This makes sense, as a high quality article that provides value to its audience would inspire engagement and interaction. Google is always looking to improve the user experience and when they see high levels of interaction they know that the content sparking the engagement must provide some value to users. Google rewards content that provides value to its audience and Google uses audience interaction as an indication of this.

Another thing to consider when trying to produce content that would be viewed as valuable in the eyes of Google is the caliber of site you are publishing your content on. This is where Google could potentially penalize authors through the “Contributor To” list as those that contribute to low-quality; spammy sites would surely be punished. You want to place your content on a trusted and high quality site that has a high level of audience engagement. A good way to determine the quality of the site is by checking its domain authority, which can be found by using a tool like the MozBar.

It makes sense that Google would view content on these sites as more valuable since sites with a higher domain authority (DA) tend to be more difficult to publish on and have higher standards than lower DA sites. Relevancy is also something to keep in mind, as the content you produce should be relevant to the site it is on and the audience it is written for. After all, there won’t be much audience interaction if the content isn’t relevant and as I mentioned before that is a bad thing.

As for the argument of Google discrediting links from authors who list their employers, I see no negative effects for white-hat SEOs here either. As long as the person is producing content that Google would view as high quality and valuable, Google has no reason to diminish the value of these links as this content would still provide value to the audience, regardless of who the author works for.

If Google were by chance to eventually implement any of the ideas mentioned here, it would certainly have an effect on SEO. However, I fell this would be a good effect as it would deter spammers and black-hat SEOs from tarnishing and abusing the platform of guest posting. Regardless of Google’s future intentions with Authorship; producing high quality content that engages readers on high caliber sites will not only keep you in the good graces of Google but also improve the overall landscape of the internet as a whole.